Imprivata OneSign
Connector name | agtimprivata |
Connector type | Executable |
Type (UI field value) | Imprivata OneSign |
Connector status / support | Customer-Verified. Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment, as Bravura Security does not maintain internal test environments for the associated target system. |
The following Bravura Security Fabric operations are supported by this connector (depending on your product license and version):
administrator reset password
get server information
For a full list and explanation of each connector operation, see Connector operations.
Note
Bravura Security Fabric will not reset the primary domain account’s password via this connector. Instead, the connector will update the credentials in OneSign’s wallet, so the client agent can use the wallet password to automatically fill the user’s credentials for each of the deployed applications/systems mapped to the primary domain account.
Preparation
Before targeting Imprivata OneSign, set up:
A target system administrator on the OneSign SSO server
SSL (optional)
A provisioning system adaptor
Setting up a target system administrator
Bravura Security Fabric uses a designated account on Imprivata OneSign to perform Bravura Security Fabric operations. The target system administrator must be a domain user on the OneSign application with the Super Administrator role.
Setting up SSL
You can configure the Imprivata OneSign connector so all connections are made over SSL. Enable OneSign to use SSL by navigating to SSO > Provisioning > Security on the OneSign application’s administration page.
Setting up a provisioning system adaptor
Set up a provisioning system adaptor to allow the agtimprivata connector to submit SPML requests to OneSign in order to update passwords.
Go to the Imprivata administrator page.
Make sure that the application to be managed is listed on the SSO > Applications page.
Navigate to SSO > Provisioning to add a provisioning adaptor.
Include the host name or IP where the agent is going to run.
Add the mapping of the external domain name to the internal domain name. The external domain name is going to be used in the target system address.
Add an external application name that maps into an internal application name. The external application name will be used in the address line’s apps part.
See the Imprivata OneSign SSO documentation at https://<imprivata-server>/sso/Docs/SSO_Guide.pdf
Targeting the Imprivata OneSign system
For each Imprivata OneSign system, add a target system in Bravura Security Fabric (Manage the system > Resources > Target systems):
Type is Imprivata OneSign.
Address uses options described in the table below.
The address is entered as follows:
{server=<address>;port=<port>;ssl=<true/false>;checkCert=<true/false>;proxy=<http network>;systemname=<ext sysname>;domain=<name>; apps={<applications>;};}
The full list of target parameters is explained in Target system options.
Option | Description |
|---|---|
Server | The IP address/domain name of the web server running the OneSign application. (key: server) |
Port | Default is 443. (key: port) |
Connection over SSL | (optional) Select to enforce SSL connections. Default is "true". (key: ssl) |
Validate the server’s certificate when connecting | Determines whether to validate the server’s security certificate for SSL connections. Default is "true". (key: checkCert) |
HTTP Network Proxy | Optional (key: proxy) |
External system name | External provisioning system adaptor name. (key: systemname) |
Domain | External domain name, used to map to the OneSign domain. See Setting up a provisioning system adaptor. (key: domain) |
Application list | List of external application names, mapped to OneSign applications that will have their accounts reset, in KVGroup format (case sensitive); for example, {outlook; webcal; }. See Setting up a provisioning system adaptor. (key: apps) |
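
The address string carries both transport-security switches (ssl and checkCert), so it is worth checking before a target system is saved. The following Python check is an added example, not Bravura Security or Imprivata code: it parses an address and reports weakened or unrecognized settings. The parsing grammar is inferred from the address template above, and the function names and the sample host, adaptor and domain values are made up for illustration.

```python
import re

# Option keys and defaults as given in the options table on this page.
KNOWN = {"server", "port", "ssl", "checkCert", "proxy", "systemname", "domain", "apps"}
DEFAULTS = {"port": "443", "ssl": "true", "checkCert": "true"}

def parse_kvgroup(text):
    """Parse '{k=v;k={a;b;};}'. Grammar is assumed from the page's address template."""
    toks = [t.strip() for t in re.findall(r"[{};]|[^{};]+", text) if t.strip()]
    def group(i):  # i indexes the first token after an opening '{'
        pairs, bare = {}, []
        while i < len(toks) and toks[i] != "}":
            tok, i = toks[i], i + 1
            key, eq, val = tok.partition("=")
            if tok == "{":
                raise ValueError("unexpected '{'")
            if eq and not val and toks[i:i + 1] == ["{"]:
                pairs[key.strip()], i = group(i + 1)   # nested group, e.g. apps={...}
            elif eq:
                pairs[key.strip()] = val.strip()
            elif tok != ";":
                bare.append(tok)                       # bare item inside a list group
        if i >= len(toks):
            raise ValueError("unterminated group")
        return (pairs or bare), i + 1
    if toks[:1] != ["{"]:
        raise ValueError("address must start with '{'")
    result, end = group(1)
    if end != len(toks):
        raise ValueError("trailing text after closing '}'")
    return result

def audit_address(address):
    """Return (effective options, findings) for one target address string."""
    opts = parse_kvgroup(address)
    if not isinstance(opts, dict):
        raise ValueError("address has no key=value options")
    cfg = {**DEFAULTS, **opts}
    findings = [f"'{k}' is not an option key listed here" for k in opts if k not in KNOWN]
    if str(cfg["ssl"]).lower() != "true":
        findings.append("ssl is off: password updates are sent without transport encryption")
    elif str(cfg["checkCert"]).lower() != "true":
        findings.append("checkCert is off: the OneSign server certificate is not validated")
    if not isinstance(cfg.get("apps"), list) or not cfg["apps"]:
        findings.append("apps is missing or empty: no application accounts listed for reset")
    return cfg, findings

# Constructed sample address (host, adaptor and domain names are placeholders).
WEAK = "{server=onesign.example.test;ssl=true;checkCert=false;systemname=bsf;domain=EXT; apps={outlook; webcal; };}"
```

Calling `audit_address(WEAK)` returns the effective options, with the default port filled in, and a single finding for the disabled certificate check.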
